Public Key Infrastructure Model Research Articles

Monitoring Key Pair Usage through Distributed Ledgers and One-Time Signatures

Private key management is a complex obstacle arising from the traditional public key infrastructure model. However, before any related security breach can be addressed, it must first be reliably detected. Certificate Transparency (CT) is an example of a certificate issuance monitoring strategy, developed to detect the possible malfeasance of certification authorities (CAs). To the best of our knowledge, CT and other detection mechanisms do not cover digitally signed documents made by an end user, which are also susceptible to CA misbehavior. We modify the CT framework to handle signed documents via logging certificates in the blockchain to enable the secure and user-friendly monitoring of one-time signatures, backdating protection, and effective CA misbehavior detection. Moreover, to demonstrate the feasibility of our proposal, we present distinct deployment scenarios and analyze the storage, performance, and monetary costs.

Improving the data access control using blockchain for healthcare domain.

Introduction:Unauthorized access to data is one of the most significant privacy issues that hinder most industries from adopting big data technologies. Even though specific processes and structures have been put in place to deal with access authorization and identity management for large databases nonetheless, the scalability criteria are far beyond the capabilities of traditional databases. Hence, most researchers are looking into other solutions, such as big data management. Methods:In this paper, we firstly study the strengths and weaknesses of implementing cryptography and blockchain for identity management and authorization control in big data, focusing on the healthcare domain. Subsequently, we propose a decentralized data access and sharing system that preserves privacy to ensure adequate data access management under the blockchain. In addition, we designed a blockchain framework to resolve the decentralized data access and sharing system privacy issues, by implementing a public key infrastructure model, which utilizes a signature cryptography algorithm (elliptic curve and signcryption). Lastly, we compared the proposed blockchain model to previous techniques to see how well it performed. Results:We evaluated the blockchain on four performance metrics which include throughput, latency, scalability, and security. The proposed blockchain model was tested using a sample of 5000 patients and 500,000 observations. The performance evaluation results further showed that the proposed model achieves higher throughput and lower latency compared to existing approaches when the workload varies up to 10,000 transactions. Discussion:This research reviews the importance of blockchains as they provide infinite possibilities to individuals, companies, and governments.

Improving the data access control using blockchain for healthcare domain.

Introduction:Unauthorized access to data is one of the most significant privacy issues that hinder most industries from adopting big data technologies. Even though specific processes and structures have been put in place to deal with access authorization and identity management for large databases nonetheless, the scalability criteria are far beyond the capabilities of traditional databases. Hence, most researchers are looking into other solutions, such as big data management. Methods:In this paper, we firstly study the strengths and weaknesses of implementing cryptography and blockchain for identity management and authorization control in big data, focusing on the healthcare domain. Subsequently, we propose a decentralized data access and sharing system that preserves privacy to ensure adequate data access management under the blockchain. In addition, we designed a blockchain framework to resolve the decentralized data access and sharing system privacy issues, by implementing a public key infrastructure model, which utilizes a signature cryptography algorithm (elliptic curve and signcryption). Lastly, we compared the proposed blockchain model to previous techniques to see how well it performed. Results:We evaluated the blockchain on four performance metrics which include throughput, latency, scalability, and security. The proposed blockchain model was tested using a sample of 5000 patients and 500,000 observations. The performance evaluation results further showed that the proposed model achieves higher throughput and lower latency compared to existing approaches when the workload varies up to 10,000 transactions. Discussion:This research reviews the importance of blockchains as they provide infinite possibilities to individuals, companies, and governments.

Improving the data access control using blockchain for healthcare domain

Introduction: Unauthorized access to data is one of the most significant privacy issues that hinder most industries from adopting big data technologies. Even though specific processes and structures have been put in place to deal with access authorization and identity management for large databases nonetheless, the scalability criteria are far beyond the capabilities of traditional databases. Hence, most researchers are looking into other solutions, such as big data management. Methods: In this paper, we firstly study the strengths and weaknesses of implementing cryptography and blockchain for identity management and authorization control in big data, focusing on the healthcare domain. Subsequently, we propose a decentralized data access and sharing system that preserves privacy to ensure adequate data access management under the blockchain. In addition, we designed a blockchain framework to resolve the decentralized data access and sharing system privacy issues, by implementing a public key infrastructure model, which utilizes a signature cryptography algorithm (elliptic curve and signcryption). Lastly, we compared the proposed blockchain model to previous techniques to see how well it performed. Results: We evaluated the blockchain on four performance metrics which include throughput, latency, scalability, and security. The proposed blockchain model was tested using a sample of 5000 patients and 500,000 observations. The performance evaluation results further showed that the proposed model achieves higher throughput and lower latency compared to existing approaches when the workload varies up to 10,000 transactions. Discussion: This research reviews the importance of blockchains as they provide infinite possibilities to individuals, companies, and governments.

Improving the data access control using blockchain for healthcare domain

Introduction Unauthorized access to data is one of the most significant privacy issues that hinder most industries from adopting big data technologies. Even though specific processes and structures have been put in place to deal with access authorization and identity management for large databases nonetheless, the scalability criteria are far beyond the capabilities of traditional databases. Hence, most researchers are looking into other solutions, such as big data management. Methods In this paper, we firstly study the strengths and weaknesses of implementing cryptography and blockchain for identity management and authorization control in big data, focusing on the healthcare domain. Subsequently, we propose a decentralized data access and sharing system that preserves privacy to ensure adequate data access management under the blockchain. In addition, we designed a blockchain framework to resolve the decentralized data access and sharing system privacy issues, by implementing a public key infrastructure model, which utilizes a signature cryptography algorithm (elliptic curve and signcryption). Lastly, we compared the proposed blockchain model to previous techniques to see how well it performed. Results We evaluated the blockchain on four performance metrics which include throughput, latency, scalability, and security. The proposed blockchain model was tested using a sample of 5000 patients and 500,000 observations. The performance evaluation results further showed that the proposed model achieves higher throughput and lower latency compared to existing approaches when the workload varies up to 10,000 transactions. Discussion This research reviews the importance of blockchains as they provide infinite possibilities to individuals, companies, and governments.

A Public Key Infrastructure Model for Verification of Court Documents: The Judiciary of Kenya

A Public Key Infrastructure Model for Verification of Court Documents: The Judiciary of Kenya

Principles of building and analyzing public key infrastructures based on the use of blockchain technology

The paper provides a rationale for the possibilities and the need to create blockchain-based public key infrastructure. An improved public key infrastructure model with blockchain-based certificate transparency as well as the main problematic issues of promising blockchain-based public key infrastructures are analyzed. A general assessment of the public key infrastructure based on the blockchain stability in conditions of well-known attacks is carried out.

Checking certificate revocation efficiently using certificate revocation guard

In the Public Key Infrastructure (PKI) model, digital certificates play a vital role in securing online communication. Communicating parties exchange and validate these certificates and the validation should fail if the certificate has been revoked. However, some existing studies [1,2] raise an alarm as the certificate revocation check is skipped in the existing PKI model for a number of reasons including network latency overheads, bandwidth costs, storage costs and privacy issues. In this article, we propose a Certificate Revocation Guard (CRG) to efficiently check certificate revocation while minimising bandwidth, latency and storage overheads. CRG is based on OCSP, which caches the revocation status of certificates locally, thus strengthening user privacy for subsequent requests. CRG is a plug and play component that could be installed on the user’s machine, at the organisational proxy or even in the ISP network. Compared to a naive approach (where a client checks the revocation status of all certificates in the chain on every request), CRG decreases the bandwidth overheads and network latencies by 95%. Using CRG incurs 69% lower storage overheads compared to the CRL method. Our results demonstrate the effectiveness of our approach to improve the certificate revocation process.

‘A public key infrastructure model for privacy‐enhancing general purpose eIDs’

In this study, the authors propose a hybrid identity certificate – attribute certificate public key infrastructure (PKI) model with elements of anonymity, applicable to general purpose electronic identities, which aims to defend personal information privacy, hinder user tracking and preserve the free will of its users. The authors analyse the associated processes, the certificate contents and the roles of the parties involved. The authors’ motive for its formulation is the belief that research previously done in this field is either too restrictive, too proprietary, too difficult to implement, or a combination of the above. In addition, the PKIs that have been deployed in most countries, both public and private, do not in the authors view protect personal information privacy. Instead, the authors propose a model that adheres to standards, is easy to implement, requires as little as possible application development for integration into commercial PKI systems, is suitable for large-scale deployment and concedes little in the protection of personal information privacy.

A mission-critical certification authority architecture for high reliability and response time

A public key infrastructure (PKI) is a set of elements and procedures needed to manage digital certificates. A PKI must guarantee the reliability of its services, assuring the timeliness of its responses and the continuity of the service despite of the growth in the number of users and the presence of hardware or software failures. Avoiding duplication of public keys due to intentional or involuntary errors is mandatory in a PKI; hence, the verification of public keys uniqueness is a fundamental task. In this paper, we propose a model of a PKI deploying uniqueness verification based on autonomous decentralised systems (ADS) concepts, namely online expandability, online maintenance and fault tolerance. There are two main contributions of this paper; application of ADS concept in a PKI model and a software implementation of ADS architecture.

Identification, trust and privacy: How biometrics can aid certification of digital signatures

Public key infrastructure (PKI) enables the secure and private exchange of data using an unsecure public network, such as the Internet. The use of paired private and public keys, issued by a trusted third-party authority, enables documents to be transferred securely and for the sender to be authenticated. The use of biometrics offers the potential to enhance considerably the PKI model in restricting the use of your private key for encryption and decryption. The use of a fingerprint, for example, can provide a higher level of confidence than the traditional password/PIN model. This provides the additional level of individual or personal authentification should a group of people have access to one key. The authentification of data, or a document, is often physically remote from the owner, especially for Internet-based communications. Conversely, traditional biometric usage has been to identity the physical presence of a person, for example for secure entry, or the receipt of information, or the receipt of goods. Within the EU, the European Electronic Signature Standardisation Initiative (EESSI) has led to a plethora of standards covering PKI, electronic signature algorithms, electronic signature formats, time stamping, the provision of certification services, information security and the preservation of evidence. This paper illustrates how a legally compliant and secure framework for the verification and non-repudiation of digital technology can be established using PKI and biometric technologies. In particular, the legal requirements for digital signatures and their certification must be defined, especially with reference to biometric methods for certificate protection and access.

New models for the management of public key infrastructure and root certification authorities

Public key infrastructure (PKI) has been discussed for some time but has yet to command much attention from business or policy makers. The benefits of chaining certificate authorities (CA) together have not been obvious and confusion has reigned over the proper role of government. But a new PKI model emphasises control and audit, so that certificates may be issued to different user groups under their own rules, with external assurance of fitness for purpose. This type of model is supported by existing standards certification and accreditation processes. No special new authorities are needed and complex cross‐certification protocols are avoided. Other advantages of an accreditation‐based PKI include a non‐government peak authority, an opt‐in, bottom‐up growth path, easily understood business language for all the elements of the PKI, and clarification of the legal liability of all CAs, in particular the peak authority.